* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2
- Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting
This commit is contained in:
parent
a74df22263
commit
aba4d96b05
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.5/restorecon/restorecon.c
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c
|
||||||
--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500
|
--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500
|
||||||
+++ policycoreutils-1.21.5/restorecon/restorecon.c 2005-01-28 10:40:23.000000000 -0500
|
+++ policycoreutils-1.21.7/restorecon/restorecon.c 2005-01-28 11:38:00.000000000 -0500
|
||||||
@@ -188,7 +188,7 @@
|
@@ -188,7 +188,7 @@
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"%s: error while labeling files under %s\n",
|
"%s: error while labeling files under %s\n",
|
||||||
@ -9,3 +9,155 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c
|
|||||||
+ errors++;
|
+ errors++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles
|
||||||
|
--- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500
|
||||||
|
+++ policycoreutils-1.21.7/scripts/fixfiles 2005-01-28 15:21:23.000000000 -0500
|
||||||
|
@@ -37,10 +37,12 @@
|
||||||
|
SELINUXTYPE="targeted"
|
||||||
|
if [ -e /etc/selinux/config ]; then
|
||||||
|
. /etc/selinux/config
|
||||||
|
+ FILE_CONTEXT=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
|
||||||
|
FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
|
||||||
|
- cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null
|
||||||
|
+ cat ${FILE_CONTEXT} ${FILE_CONTEXT}.local > $FC 2> /dev/null
|
||||||
|
else
|
||||||
|
- FC=/etc/security/selinux/file_contexts
|
||||||
|
+ FILE_CONTEXT=/etc/security/selinux/file_contexts
|
||||||
|
+ FC=${FILE_CONTEXT}
|
||||||
|
fi
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
@@ -60,7 +62,23 @@
|
||||||
|
echo $1 >> $LOGFILE
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+#
|
||||||
|
+# Compare PREVious File Context to currently installed File Context and
|
||||||
|
+# run restorecon on all files affected by the differences.
|
||||||
|
+#
|
||||||
|
+diff_filecontext() {
|
||||||
|
+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
||||||
|
+ TEMPFILE=`mktemp ${FILE_CONTEXT}.XXXXXXXXXX`
|
||||||
|
+ test -z "$TEMPFILE" && exit
|
||||||
|
+ /usr/bin/diff $PREFC $FILE_CONTEXT | egrep '^[<>]'|cut -c3-| grep ^/ | \
|
||||||
|
+ sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \
|
||||||
|
+ -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
|
||||||
|
+ while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \
|
||||||
|
+ while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
|
||||||
|
+ ${RESTORECON} $2 -v -f -R -
|
||||||
|
+ rm -f ${TEMPFILE}
|
||||||
|
+fi
|
||||||
|
+}
|
||||||
|
#
|
||||||
|
# Log all Read Only file systems
|
||||||
|
#
|
||||||
|
@@ -80,6 +98,10 @@
|
||||||
|
# if called with -n will only check file context
|
||||||
|
#
|
||||||
|
restore () {
|
||||||
|
+if [ ! -z "$PREFC" ]; then
|
||||||
|
+ diff_filecontext $1
|
||||||
|
+ exit $?
|
||||||
|
+fi
|
||||||
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
|
for i in `echo $RPMFILES | sed 's/,/ /g'`; do
|
||||||
|
rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE
|
||||||
|
@@ -128,7 +150,7 @@
|
||||||
|
usage() {
|
||||||
|
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
|
||||||
|
echo or
|
||||||
|
- echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check | restore }"
|
||||||
|
+ echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ $# = 0 ]; then
|
||||||
|
@@ -137,7 +159,7 @@
|
||||||
|
fi
|
||||||
|
|
||||||
|
# See how we were called.
|
||||||
|
-while getopts "Fo:R:l:" i; do
|
||||||
|
+while getopts "C:Fo:R:l:" i; do
|
||||||
|
case "$i" in
|
||||||
|
F)
|
||||||
|
fullFlag=1
|
||||||
|
@@ -151,6 +173,9 @@
|
||||||
|
l)
|
||||||
|
LOGFILE=$OPTARG
|
||||||
|
;;
|
||||||
|
+ C)
|
||||||
|
+ PREFC=$OPTARG
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.21.7/scripts/fixfiles.8
|
||||||
|
--- nsapolicycoreutils/scripts/fixfiles.8 1969-12-31 19:00:00.000000000 -0500
|
||||||
|
+++ policycoreutils-1.21.7/scripts/fixfiles.8 2005-01-28 11:47:18.000000000 -0500
|
||||||
|
@@ -0,0 +1,64 @@
|
||||||
|
+.TH "fixfiles" "8" "2002031409" "" ""
|
||||||
|
+.SH "NAME"
|
||||||
|
+fixfiles \- fix file security contexts.
|
||||||
|
+
|
||||||
|
+.SH "SYNOPSIS"
|
||||||
|
+.B fixfiles [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel }"
|
||||||
|
+
|
||||||
|
+.B fixfiles [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir/file] ... ]
|
||||||
|
+
|
||||||
|
+.SH "DESCRIPTION"
|
||||||
|
+This manual page describes the
|
||||||
|
+.BR fixfiles
|
||||||
|
+script.
|
||||||
|
+.P
|
||||||
|
+This script is primarily used to correct the security context
|
||||||
|
+database (extended attributes) on filesystems.
|
||||||
|
+.P
|
||||||
|
+It can also be run at any time to relabel when adding support for
|
||||||
|
+new policy, or just check whether the file contexts are all
|
||||||
|
+as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
||||||
|
+reiser file systems as long as they do not have a security context mount
|
||||||
|
+option. You can use the -R flag to use rpmpackages as an alternative.
|
||||||
|
+
|
||||||
|
+.SH "OPTIONS"
|
||||||
|
+.TP
|
||||||
|
+.B -l logfile
|
||||||
|
+Save the output to the specified logfile
|
||||||
|
+.TP
|
||||||
|
+.B -o outputfile
|
||||||
|
+Save all files that have file_context that differs from the default, in outputfile.
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+.B -F
|
||||||
|
+Don't prompt for removal of /tmp directory.
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+.B -R rpmpackagename[,rpmpackagename...]
|
||||||
|
+Use the rpm database to discover all files within the specified packages and restore the file contexts. (-a will get all files in the RPM database).
|
||||||
|
+.TP
|
||||||
|
+.B -C PREVIOUS_FILECONTEXT
|
||||||
|
+Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
|
||||||
|
+
|
||||||
|
+.SH "ARGUMENTS"
|
||||||
|
+One of:
|
||||||
|
+.TP
|
||||||
|
+.B check
|
||||||
|
+show any incorrect file context labels but do not change them.
|
||||||
|
+.TP
|
||||||
|
+.B restore
|
||||||
|
+change any incorrect file context labels.
|
||||||
|
+.TP
|
||||||
|
+.B relabel
|
||||||
|
+Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
|
||||||
|
+.TP
|
||||||
|
+.B [[dir/file] ... ]
|
||||||
|
+List of files or directories trees that you wish to check file context on.
|
||||||
|
+
|
||||||
|
+.SH "AUTHOR"
|
||||||
|
+This man page was written by Richard Hally <rhally@mindspring.com>.
|
||||||
|
+The script was written by Dan Walsh <dwalsh@redhat.com>
|
||||||
|
+
|
||||||
|
+.SH "SEE ALSO"
|
||||||
|
+.BR setfiles (8), restorecon(8)
|
||||||
|
+
|
||||||
|
Binary files nsapolicycoreutils/scripts/fixfiles.8.gz and policycoreutils-1.21.7/scripts/fixfiles.8.gz differ
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.21.7
|
Version: 1.21.7
|
||||||
Release: 1
|
Release: 2
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -80,7 +80,8 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1
|
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2
|
||||||
|
- Fix fixfiles patch
|
||||||
- Upgrade to latest from NSA
|
- Upgrade to latest from NSA
|
||||||
* Prevent overflow of spec array in setfiles.
|
* Prevent overflow of spec array in setfiles.
|
||||||
- Add diff comparason between file_contexts to fixfiles
|
- Add diff comparason between file_contexts to fixfiles
|
||||||
|
Loading…
Reference in New Issue
Block a user